PSA: If your WinRAR installation is older than version 6.23, released in August, you should update the software as soon as possible. The latest version patches a vulnerability that has been known for months. Recent reports indicate that state-backed hackers are actively exploiting it, increasing the urgency of the situation.
Google reports that malicious actors linked to the Russian and Chinese governments have recently initiated cyberattack campaigns using a WinRAR vulnerability that was addressed in August. Users who have not updated the popular file archiving program since then remain vulnerable.
The Zero Day Initiative discovered the issue, a buffer overflow problem caused by insufficiently validated data, in June. This could potentially allow attackers to access a target's memory and remotely execute code. An attack would be triggered when a user double-clicks on an archive to open WinRAR and then double-clicks an embedded file to access it without unpacking the archive. Security company Group-IB stated that cybercriminals have been exploiting this vulnerability to target the financial sector since at least April.
WinRAR version 6.23 fixed the flaw, but the software does not update automatically. Users need to locate and download the patch themselves. The latest version, 6.24, was released earlier this month and includes a couple of new bug fixes.
According to Google, groups connected to the Chinese government used compromised ZIP files in a phishing campaign targeting Papua New Guinea in late August. Since September, groups linked to the Russian military's GRU service have utilized the old vulnerability to distribute malware in multiple phishing campaigns targeting Ukrainians.
WinRAR has long been considered an almost essential third-party download due to its ability to compress and unpack file archive formats like RAR, particularly since Windows has traditionally only supported ZIP. Its technically limited but functionally unlimited free trial period has become a meme among PC users, which has contributed to the software's widespread use over the years.
However, the era of installing WinRAR or similar programs in new Windows installations may soon come to an end. The latest major update for Windows 11, version 23H2, introduces native support for alternative archive formats like RAR, 7-Zip, TAR, and GZ. Microsoft began rolling out the new version in late September.
Windows 10 users or those who have not updated Windows 11 to version 23H2 also have other options for handling compressed files, such as WinZip and 7-Zip. Researchers have not discovered any serious vulnerabilities in those tools recently.